PRIVACY POLICY AND PERSONAL DATA PROCESSING MANUAL

FORET LOFTS. NIT 901.262.684-1, aware of the importance of preserving, protecting, maintaining the integrity, and ensuring the confidentiality of its customers’ personal data, has designed a policy for storing and processing the information received from customers through various channels (websites, email, telephone information centers, etc.). This policy reflects its commitment to complying with Law 1581 of 2012 and Decree 1377 of 2013.

The personal information covered by this policy may be collected by FORET LOFTS through its website www.hotelcampestrelaplaya.com, when visiting or acquiring services offered on the platform, or directly at hotels affiliated or associated with FORET LOFTS.

The data subject is considered to have accepted the provisions established in this policy when they visit or use the website www.foretlofts.com and/or when they enter personal data through the designated functions.

CHAPTER I – GENERAL PROVISIONS

ARTICLE 1. DEFINITIONS

For the purposes of this manual and in accordance with Law 1581 of 2012 and Decree 1377 of 2013, the following definitions will be taken into account:

• Authorization: Prior, express, and informed consent given by the Data Subject for processing their personal data.
• Privacy Notice: Verbal or written communication issued by the Controller to the Data Subject, informing them about the existence of data processing policies applicable to them, how to access them, and the purposes for which their data will be processed.
• Database: An organized set of personal data that is subject to processing.
• Personal Data: Any information related to or that can be associated with one or more identifiable natural persons.
• Private Data: Data that, due to its intimate or reserved nature, is only relevant to the data subject.
• Sensitive Data: Information that affects the privacy of the Data Subject or whose misuse may lead to discrimination, such as data revealing racial or ethnic origin, political orientation, religious or philosophical beliefs, union memberships, or health, sexual life, and biometric data.
• Data Processor: A natural or legal person, public or private, who processes personal data on behalf of the Data Controller.
• Data Controller: A natural or legal person, public or private, who, alone or in association with others, decides on the database and/or data processing.
• Data Subject: The natural person whose personal data is being processed.
• Processing: Any operation or set of operations performed on personal data, such as collection, storage, use, circulation, or deletion.

ARTICLE 2. PURPOSE

This document aims to regulate the procedures for collecting, handling, and processing personal data carried out by FORET LOFTS, ensuring and protecting the fundamental right to habeas data of its guests, visitors, customers, users, and suppliers under the provisions of the law. This is in compliance with Article 17(k) of Law 1581 of 2012, which establishes the duties of data controllers, including the obligation to “adopt an internal manual of policies and procedures to ensure compliance with the law, particularly for handling inquiries and complaints.”

ARTICLE 3. SCOPE OF APPLICATION

This manual applies to all personal data recorded or to be recorded in the various databases managed by FORET LOFTS, including databases of guests, visitors, customers, and suppliers who provide their data for commercial purposes.

The information collected by FORET LOFTS may include, in whole or in part, depending on the needs of each product and/or service, the following data:

• Full name
• Type and number of identification
• Nationality and country of residence
• Date of birth and gender
• Marital status and/or relationship with minors or disabled persons requesting our services
• Landline and mobile contact numbers (personal and/or work-related)
• Physical and electronic addresses (personal and/or work-related)
• Profession or occupation
• Company of employment and job position
• Travel origin and destination
• Reason for travel
• Credit card information (number, issuing bank, expiration date)
• Cardholder’s personal data (full name, type and number of identification)
• Billing address where the cardholder receives bank statements

This data may be stored and/or processed on computer systems, as authorized by our guests, visitors, customers, users, and suppliers upon acceptance of this Privacy Policy and Personal Data Processing Manual.

ARTICLE 4. ACCURACY OF INFORMATION

Our guests, visitors, customers, users, and suppliers must provide accurate personal information to enable FORET LOFTS to deliver services. By providing the required information, they accept this condition.

FORET LOFTS assumes the accuracy of the information provided and does not verify or assume the obligation to verify the identity of guests, visitors, customers, users, or suppliers, nor the accuracy, validity, sufficiency, or authenticity of the data they provide. Therefore, FORET LOFTS is not liable for damages arising from inaccurate, outdated, insufficient, or false information, including damages resulting from homonymy or identity theft.

ARTICLE 5. APPLICABLE LEGISLATION

This manual was drafted in accordance with Law 1581 of 2012, which establishes general provisions for personal data protection, and Decree 1377 of 2013, which partially regulates Law 1581 of 2012.

ARTICLE 6. CHILDREN AND ADOLESCENTS’ DATA

FORET LOFTS ensures the proper use of personal data of minors, guaranteeing that their data is processed in their best interests and respecting their fundamental rights, taking their opinion into account whenever possible.

ARTICLE 7. PURPOSE OF PERSONAL DATA PROCESSING

The information collected is used to process, confirm, fulfill, and provide acquired services and/or products, directly and/or with the participation of third-party providers. Additionally, it is used for marketing activities, market research, auditing, statistical analysis, billing, offering, and recognizing benefits under our internal programs.

By accepting this Privacy Policy and Personal Data Processing Manual, our guests, visitors, customers, users, and suppliers, in their capacity as data subjects, authorize FORET LOFTS to process their data, in whole or in part, including collection, storage, recording, use, circulation, and deletion. This processing is conducted for activities related to acquired services and products, including reservations, modifications, cancellations, refunds, customer service, fraud prevention, anti-money laundering measures, and compliance with internal programs.

This data processing may involve third-party providers (such as reservation system providers, travel agencies, call centers, banks, and insurance companies).

Additionally, our travelers, customers, and users, by accepting this policy, authorize us to:

• Use their information for marketing purposes related to our products and services and those of business partners.
• Provide personal data to regulatory authorities, law enforcement, or judicial entities upon legal or regulatory request.
• Allow access to personal data for audits or third-party reviews of business activities.
• Consult and update personal data at any time to ensure its accuracy.
• Contract third parties for data storage and/or processing, ensuring compliance with confidentiality and security standards.

This document continues with additional chapters covering authorization mechanisms, data subject rights, access and complaint procedures, security measures, and final provisions.